Posted to common-commits@hadoop.apache.org by we...@apache.org on 2019/02/21 02:31:06 UTC

[hadoop] branch branch-3.0 updated: HADOOP-15813. Enable more reliable SSL connection reuse. Contributed by Daryn Sharp.

This is an automated email from the ASF dual-hosted git repository.

weichiu pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/hadoop.git


The following commit(s) were added to refs/heads/branch-3.0 by this push:
     new 4eccf2a  HADOOP-15813. Enable more reliable SSL connection reuse. Contributed by Daryn Sharp.
4eccf2a is described below

commit 4eccf2a3cc6b1468085f48ee267b2093b4f5be9d
Author: Daryn Sharp <da...@apache.org>
AuthorDate: Wed Feb 20 18:13:53 2019 -0800

    HADOOP-15813. Enable more reliable SSL connection reuse. Contributed by Daryn Sharp.
    
    Signed-off-by: Wei-Chiu Chuang <we...@apache.org>
    (cherry picked from commit a87e458432609b7a35a2abd6410b02e8a2ffc974)
    (cherry picked from commit ae8839e6e8cc3e8f8d5e50525d3302038ada484b)
    (cherry picked from commit 704330a616c17256b3e39370f999928ba1c463e6)
---
 .../src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
index f05274a..8e8421b 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
@@ -108,6 +108,10 @@ public class SSLFactory implements ConnectionConfigurator {
   private Mode mode;
   private boolean requireClientCert;
   private SSLContext context;
+  // the java keep-alive cache relies on instance equivalence of the SSL socket
+  // factory.  in many java versions, SSLContext#getSocketFactory always
+  // returns a new instance which completely breaks the cache...
+  private SSLSocketFactory socketFactory;
   private HostnameVerifier hostnameVerifier;
   private KeyStoresFactory keystoresFactory;
 
@@ -178,6 +182,9 @@ public class SSLFactory implements ConnectionConfigurator {
     context.init(keystoresFactory.getKeyManagers(),
                  keystoresFactory.getTrustManagers(), null);
     context.getDefaultSSLParameters().setProtocols(enabledProtocols);
+    if (mode == Mode.CLIENT) {
+      socketFactory = context.getSocketFactory();
+    }
     hostnameVerifier = getHostnameVerifier(conf);
   }
 
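Review bot: The factory cached by `socketFactory = context.getSocketFactory();` is captured directly after `context.getDefaultSSLParameters().setProtocols(enabledProtocols);`, and the JDK documents `getDefaultSSLParameters()` as returning a copy, so that call probably does not restrict the context or the factory derived from it. Unless the protocol list is applied per socket or per connection somewhere outside this hunk, every connection reusing the cached factory negotiates with the JVM's default protocol set rather than the configured one. I would add a test asserting that a socket created from the cached factory reports only `enabledProtocols`, and a comment here such as `// enabledProtocols must be applied per socket; getDefaultSSLParameters() returns a copy`. The enclosing `init` method starts above the hunk.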
@@ -298,7 +305,7 @@ public class SSLFactory implements ConnectionConfigurator {
       throw new IllegalStateException(
           "Factory is not in CLIENT mode. Actual mode is " + mode.toString());
     }
-    return context.getSocketFactory();
+    return socketFactory;
   }
 
   /**
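Review bot: `return socketFactory;` can now hand a `null` to the caller when the factory is in CLIENT mode but `init()` has not run or did not complete. The removed `context.getSocketFactory()` would have failed on the spot with a null `context`. A null factory that surfaces later in connection setup is harder to diagnose, and depending on the caller it may leave a connection on whatever default factory it already had. A guard before the return keeps the failure local: `if (socketFactory == null) { throw new IllegalStateException("SSLFactory has not been initialized"); }`. The field is also written in `init()` and read here without being `volatile` or `final`, so if the two can run on different threads the declaration should say how visibility is guaranteed. The method body starts above the hunk.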

